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[57] ABSTRACT 

An identification card and method and apparatus for pro- 
ducing and authenticating such an identification card. A 
person whom the identification card will identify, is scanned 
to produce a digital signal which is compresse d, encrypte d, 
and coded as a two dimensio nal barcod e o r as some other 
appropriate form of codin g, which is incorporated into one 
portion of the identification card. The image is also printed 
or otherwise embodied onto another portion of the identifi- 
cation card. A text message maybe appended to the signal 
before it is encrypted and also printed as plain text on the 
identification card. In one embodiment the signal represent- 
ing the image is encrypted using a public key encryption 
system and the key is downloaded from a center. To validate 
the card the coded message is scanned, decoded, decrypted, 
expanded and displayed. The card may then be authenticated 
by comparison of the displayed representation of the image 
' and the displayed text message with the image and text 
■ message with the image and text message printed on the 
card. A secure record of the verification transaction is made. 
( In one embodiment the record is electronically notarized. 

i 

> 18 Claims, 2 Drawing Sheets 
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METHOD FOR VERIFYING AN 
IDENTIFICATION CARD AND RECORDING 
VERIFICATION OF SAME 

BACKGROUND OF THE INVENTION 

The subject invention relates to a method for verifying the 
authenticity of an identification card or similar item which 
serves as evidence of the identity of a person. More 
particularly, it relates to verification of identification cards 
which are protected against counterfeiting or misuse by the 
incorporation of encrypted information on the card. The 
subject invention further relates to a method of verification 
which also provides for the recording of verification trans- 
actions. (As used herein the term "identification card" will 
preferably refer to an item similar to an identification badge 
of the type used by businesses to identify their employees, 
but shall also include documents, magnetic disks, or other 
suitable items which can be used to record information about 
and identify a person.) 

It is known to authenticate documents by including in the 
document information in two forms; a "clear" form which is 
generally recognizable and an encrypted form which can 
only be produced with knowledge of a particular encryption 
key. Thus, U.S. Pat No. 4,853,961; for: "Reliable Document 
Authentication System"; to: Pastor; issued Aug. 1, 1959, 
discloses a system wherein a document is authenticated by 
encryption using a public key encryption system, and U.S. 
Pat No. 4,637,051; to: Clark, discloses a postage meter 
having an indicia which is authenticated by encryption. A 
particular application of such technology to identification 
cards is disclosed in U.S. Pat. No. 5, 426,700; to: Berson; 
for: Method and Apparatus For Verification Of Classes of 
Documents; issued Jun. 20, 1995, and in commonly 
assigned, co-pending U.S. application Sen No. 07/979,018; 
to: Marcus; filed: Nov. 20, 1992; which are hereby incor- 
porated by reference. 

While such identification cards are highly effective 
against counterfeiting there nevertheless remains a need in 
certain applications to maintain a secure record of verifica- 
tion transactions. For example, most states have laws to 
prevent the sale of liquor to minors. Penalties for violations 
range from 3 days to a week's suspension of a liquor license, 
for a first offense, and are expected to be made more severe 
in the future. At present however, even if a bar or liquor store 
owner properly checks identification (typically a driver 
license) he or she will generally have no way to prove that 
they did proper verify the identification. This problem is 
severe enough that some companies offer a video based 
archival system which records the image of the license and 
of the customer.presenting the license. If a dispute arises the 
video recording can be screened to find evidence of the 
verification transaction. There are, however, several prob- 
lems with these systems: 

Large amounts of video tape must be maintained; perhaps 
hundreds of hours for a large chain. 

When a dispute arises the video tapes must be viewed 
serially since no indexing can be provided. 

The information on the video tapes is not accessible by 
data processing systems. 

Often the license information is not legible. 

Similarly, in controlling access to high security areas it 
may be desirable to not only verify the identity of people 
being allowed access, but also to securely record the history 
of access to the secure area 

Also it would be desirable to record verification transac- 
tions together with other transaction information such as: 
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point of sale information describing items purchased, or the 
reasons given for seeking access to a secure area. 

It would also be desirable to record verification transac- 
tions in a manner such that they may be selectively accessed; 
5 for example to generate specialized mailings to customers of 
a liquor store. 

ITius it is an object of the subject invention to provide a 
method for verifying an identification card which includes 
encrypted information and to record such verification trans- 
1Q actions in an accessible manner. 

BRIEF SUMMARY OF THE INVENTION 
The above object is achieved and the disadvantages of the 
prior art are overcome in accordance with the subject 
invention by means of a method for verifying an identifi- 

15 cation card and recording verification of the card, where the 
. card includes information on a first portion of the card, the 
information including personal information r elating to th e ' 
person to be identifi e d, and an encrypted representation of "at 
least part of the information on a second portion of the card. 

20 the part including the personal ^formation. In accordance 
with the method of the su bject inve ntion the encrypted 
information is read from the card and then decrvptcd^to 
obtain a decrypted representation. The card is then verified 
by comparing the decrypted representation of the informa- 

25 Bon with me information on the first portion of the card and 
the personal information is stored as at least part of a record 
of the verification transaction. 

In accordance with one aspect of the subject invention the 
identification card has a first representation of a biometric 

30 characteristic of the person to be identified on the first 
portion and a coded representation of an encrypted signal 
incorporated on the second portion. The encrypted signal has 
a first part which includes a second representation of the 
biometric characteristic and a second part which includes 

35 other information about the person; which other information 
is stored as at least part of a record of the verification 
transaction. 

In accordance with another aspect of the subject invention 
the biometric characteristic is an image of the person and the 
4Q second representation is a compressed representation of the 
image. 

In accordance with another aspect of the subject invention 
other transaction information is appended to the record of 
verification. 

4$ In accordance with still another aspect of the subject 
invention the record of verification is stored in a database 
and the database is accessed to selectively retrieve the record 
of verification. 
In accordance with still another aspect of the subject 

so invention time or source data is appended to the record of 
verification. 

In accordance with yet another aspect of the subject 
invention the record of verification is digitally signed. 
In accordance with still yet another aspect of the subject 

53 invention the record of verification is electronically nota- 
rized. Thus it will be readily apparent that the subject 
invention achieves the above object and overcomes the 
disadvantages of the prior art in a highly advantageous 
manner. Other objects and advantages of the subject inven- 

60 tion will be apparent to those skilled in the art from 
consideration of the detailed description set forth below and 
the attached drawings. 

BRIEF DESCRIPTION OF THE DRAWINGS 

65 FIG. 1 is a schematic block diagram of an apparatus for 
producing an identification card to be verified in accordance 
with the subject invention. 
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FIG. 2 is a schematic block diagram of an apparatus for incorporated into the second signal. Thus, like image I text 

verifying an identification card and recording verification of T is embodied in card C in both humanly recognizable form 

the card in accordance with the subject invention. on the front CF and coded and encrypted form on the back 

FIG. 3 is a schematic representation of a record of CB <* card <~ * cnibodimMt of the subject 

\t ^ * I tf K „,k;^ 5 invention a data center 40 transmits encryption code E, to 

verification 10 accordance with the subject invention. 5 ^ ^ ^ ^ secujity of 

DETAILED DESCRIPTION OF PREFERRED identification card C key E, may be changed from time to 

PM T, nnTMFNT c OF -yxrp ct miRTT tnnG ' For me levd of sccunt y kc y E f ^ be changed 

SUBJECT f<)r each card c producc(L To facilitate decryption of 

u iQ encrypted information E,[M] data center 40 also transmits an 

FIG. 1 shows a schematic block diagram of apparatus 10 1 encrypted decryption key X[DJ to be appended to the 

for producing an identification card C. Person P, for whom encrypted information E,[M] by coder module 22. Encryp- 

the identification card is intended, is scanned by a conven- tion key X can be either a class encryption key CE for a 

tional video scanner 12 to produce a first signal represen- particular class of documents produced by apparatus 10, or, 

tative of that person's image. The first signal is then con- 15 in other embodiments of the subject invention may be a 

verted to a digital form by an analog-to-digital converter 14 group encryption key GE for a group of classes of 

for processing in the digital domain. documents, or in still other embodiments of the subject 

The first signal is then input to a compression module 16 invention decryption toy D, can be encrypted with both a 

where it is compressed to reduce the amount of data which <* ass ^SS?? ° DC " encr ^° n 

must be stored on identification card C. 20 ke ^ s AddiUonally an unencrypted representation of the 

^ . ,| j * j f particular class C, is also appended to the encrypted lnfor- 

Data compression algorithms, specifically adapted for m modulc u ^ as will ^ seen 

compression of viaeo image signals, are known to those when cafd c ^ t0 be verified me necessary deayp _ 

sfcUed in the art. Preferably, an algorithm known as the tion can be obuined b decrvptmg eacTypted decryp- 
JPEG algorithm, which is known and commercially avail- ^ ' , 

able is used in compressor 16. f^ord^^ 25 ^ ^ 50 ^ &n 

operation of compressor 16 is not believed necessary to an card c is show ^ ^ e back a* of ^ is 

understanding of the subject invention. by fl barcode scaimer 52 ^ving the capability to 

The compressed first signal is then input to an encrypter scan m appropriate two dimensional barcode. The scanned 
20 to be included in the encrypted second signal which will signal h thcn by module 54 and decrypted 

be incorporated into identification card C, as will be 30 b ^crypter module 58 

described further below. Encrypter 20 encrypts the second x fa obtained 5 d ter 53 ^m center 

signal using an encryption key, E„ for a pubhc key encryp- 4Q ^ ^ x ^ remain constant duri operation 
tion system such as the well known RSA system. rf 50 u described above ^ ^ a ^eci communica- 

The encrypted second signal is then encoded in accor- ^ tion ^ oetween system 50 and center 40 is not necessary 
dance with some predetermined format by coder module 22, an( j ^ e y x may be transmitted in any convenient manner, 
which controls code generator 24 to incorporate the encoded ^ ^crypted scan signal ^ men expanded in module 60 
encrypted second signal in a portion of identification card C. by an complimentary to the compression algo- 

In accordance with a referred embodiment of the subject rithm used in system 10, in a conventional manner which 
invention the coded signal is coded as a two dimensional 4Q nec d no t be described further for an understanding of the 
barcode, such as the PDF-417 standard barcode, developed subject invention. 

by the Symbol Technology Corporation of New York. ^ (tgcrypted, expanded signal is then displayed by a 
However, the encrypted second signal may be coded into conventional display 62. The display includes a representa- 
any suitable format. For example, for a smart card or a tioD M of j and me text meS sage T which was 

memory card coder 22 and code generator 24 may store the 45 i ncm <ieci in the encrypted second signal scanned from card 
coded second signal as an appropriately formatted binary back (3 To verif y me card j ^ compared with its 
data block. representation RI and the text message T as printed on card 

Where the coded second signal is represented as a two C and as shown on display 62 are compared. It should be 
dimensional barcode the barcode will preferably be printed noted that with compression representation RI will be some- 
on back CB of identification card C. 50 what degraded with respect to image I It has been found 

The digitized first signal is also input to printer 20 which however that using the above described JPEG algorithm a 
may use any appropriate technology for the production of sufficiently accurate representation of an image of a person's 
identification card C to print an image of person P on front face may be coded as approximately 1,000 bytes of data and 
CF of identification card C. Front CF and back CB are then printed using the above described PDF-4 17 two dimensional 
combined and laminated using well known technology by 35 barcode in an area of approximately 2.50 by 1.75 inches on 
laminator 32 to product identification card C. the back of a substantially conventional wallet sized card. Of 

Text input 30 provides text message T and at least a course, as described above, with improvements in storage 
portion of text message T, which preferably includes other technology and/or the use of media having a high data 
personal information such as name, address, license number, storage capacity as embodiments of identification cards C 
etc. relating to person P, is combined with the compressed 60 representation RI can be arbitrarily close to image L 
form of the first signal to form the second signal which is Once card C is validated by comparison of image I and 
encrypted by encrypter module 20 to provide encrypted text message T printed on card from CFwith representation 
information. E^MJ. Text message T is also printed as plain RI and the text message T as shown on display 62 then the 
text on the front CF of card C. Alternatively, text T may be identify of the person P carrying card C may be confirmed 
compressed; as for example by deletion of control 65 by coraparison of person P with image L Text message Twill 
characters, which are restored in accordance with a prede- then confirm the identity of person P and may also confirm 
termined format when text T is recovered, before text T is the status or characteristics of person P. 
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It should be noted that encryption is used with identifi- U.S. Pat, No. 5,022,080; to: Durst et al; issued: Jun. 4, 1991, 

cation card C not for purposes of concealment, since infer- which is hereby incorporated by reference. Other methods 

mation M is included on Card C in clear form, but for the (such as digitally signing a document to which information 

purpose of verifying card C. Those skilled in the art will thus derived from previous documents in a stream of documents 

recognize that rather than encrypting all of information M 5 has been appended so that the position of the document in 

the equivalent process of digitally signing information caw the stream of documents is established) for securely estab- 

be used Digital signatures are well known as a means of lishing the time of recording and content of a message are 

authenticating messages without encrypting the entire mes- known and are included within the meaning of the term 

sage. A port ion of the message is selected using any of a "electronic notary" as used herein. 

number of known "hash functions" and encrypted. The 1 Q In another preferred embodiment of the subject invention 

encrypted "hash* is then appended to the message as a data processor 110 accesses database store 86, using con- 

digital signat ure. The message may then be verih'eTTv ventional database access the techniques, to generate various 

'decrypting the digital signature and comparing it to the reports of verification transactions. For example in a liquor 

W or bv regenerating t he digital signature fro"n71he~ ? torc application data processor 110 might generate fecial. 

message and comparing it to die ap^nd ed digital stenature , , ^ mailings. Or reports 112 of access by par- 

A - §. 1t , ,urLm. "A^^-n^ anH "H^Urt^w* fan ' A ticulaT persons or during particular time periods can be 

i^cordmg^to ^ms encrypting aqrt faitfhn f t fe gd . * . m an audit ^ of verification 

related forms of these terms) are inte nde d, as used herein, to activity 

include the corresponding functions of generating and veri - ^ . . Ct . ^ . „ v . - 1Q 

g , , ji 11 i i — 1 T ? .7. .4. ° k . fllM , IM In another embodiment of the subject invention link 118, 

wnp Qipw ytures^t will apparent mat the a^hitecture ^ be communications link, connects 

of apparatus 10 and 50 remains ; unchanged with the only a ^ ^ ^ tQ icm ^ ^ or 120 to down . 

difference in operation being that display 62 must now ^ ^ fQf remDte —egging. 

display an express indication that the digital signature has m ferTed embodimcnts described above have been 
been verified since image RI and text T are displayed ^ fay way of ^ and omer cmbodimcnts of 
without decryption. the invention will be apparent to those skilled in the 
Returning to FIG. 2 a secure record of a verification 25 ^ from consideration of the detailed descriptions set forth 
transaction is provided in accordance with the subject inven- and ^ attached drawings. Particularly, it will be 
tion by transmitting at least a portion of information M to apparent mat card C need not include any biometric char- 
secure verification record system 70. This portion will acteristic but that a degree of security can be achieved using 
include at least part of decrypted text T describing personal only enci ypted text information on card C. Accordingly, 
information relating to person P, and in some eiribodiments 30 limitations on the subject invention are to be found only in 
wfll include the decrypted image of person P. In other ±t daims set forth 
embodiments the record of verification wfll also include a is Maimed is: 

new image generating by scanner 72 and transaction infor- x A for verif y mg ^ identification card and 

mation input through input 76. In some appkeations trans- recording verification of said card, said card having a first 

action information can be point of sale information while in 35 representation of a biometric characteristic of a person to be 

other applications, such as access control, the transaction identified on a first portion and a coded representation of an 

information can include explanations of the transaction. encrypted signal incorporated on a second portion of said 

Generally, the transaction information will also include a ^ said encrypted signal having a first part comprising a 

record of whether or not verification was successful. second representation of said biometric characteristic and a 

Record system 70 includes electronic notary 78, which in 40 second part comprising other information about said person, 

turn includes a source identification such as machine number sa i d method comprising the steps of: 

80 and a secure, tamper proof clock 84. Electronic notary 78 a) reading said coded representation from said card; 

combines the portion of information M received from b)dcood ing said coded representation to obtain a decoded 

decrypter 58 with the new image from scanner 72 and representation* 

transaction information from input 76 to generate a secure 45 v , ' . . . . 4 . . . 

.vT , . fl w _ *\ . 6 .„ . , ... c) decrypting said decoded representation to obtain said 

record of the verification transaction, as will be described ' J * . , K A Ui . . 

funherbclow.TOsrecoTdis^astor.dindatabases.arege ^^T^oT 

in a conventional manner. * , IT "~ ' . - , . . 

Turning to FIG. 3, secure verification transaction record d > ven ^f ^aid card by comparing said first and second 

90 is shot* Record 90 includes source identification 92, 50 representations of said biomemc charact^tic; 

which is preferably machine number 80 or similar identifi- e ) arecordof vertfcationof said card, said record 

cation of the source of the record, and time 96, which is lncludm g said other information; and 

preferably provided by secure clock 84 so that the system *) ^tally signing said record and then storing said 

operator or a third party cannot falsify the time at which the record. 

verification transaction took place. Record 90 also includes 55 2. A method as described in claim 1 wherein said bio- 
decrypted text 98 which includes at least personal informa- nietric characteristic is an image of said person and said 
tion relating to person P whose identify is being verified. In second representation is a compressed representation of said 
a preferred embodiment of the subject Invention record 90 image. 

also includes decrypted image 100 from decrypter 58 and 3. A method as described in claim 1 further comprising the 

new image 102 from scanner 72 and transaction information 60 steps of: 

104 from input 76. Record 90 is then electronically notarized a) scanning said person to obtain a representation of a new 

by appending digital signature 108 in a conventional man- image of said person; and, 

ner. Generally, electronic notarization includes appending b) storing said representation of said new image as a 

secure time information to a message and then digitally further part of said record of verification, 

signing the message to provide assurance that the message 65 4; A method as described in claim 1 further comprising the 

was recorded at that particular time. Such electronic nota- step of storing said second representation of said biometric 

rization is known and is described in U.S. patent number in characteristic as a further part of said record of verification. 
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5. A method as described in claim 1 further comprising the d) creating a record of verification of said card, said 
step of appending transaction information to said record of record including said personal information; and 
verification. e) digitally signing said record and then a storing said 

6. A method as described in claim 1, wherein said record record. 

of verification is stored in a database, further comprising the 5 \2. a method as described in claim 11 further comprising 

step of accessing said database to selectively retrieve said the steps of: 

record of verification. a) scanning ^ ^on to obtain a representation of an 

7. AmemodasdescnbedmdaimlfwmerconmTisingthe of said p^o,,. an(i , 

step of appending time or source data to said record of ... c . *■ - 

verification 10 ^ storing said representation of said image as a further 

8. A method as described in claim 1 wherein said record i Pf of ^ t ^fj^ ifi f ^ 

of verification is electronically notarized. fc 13 * "f hod ^described in claim 11 further comprising 

9. A method as described in claim 1 further comprising the *f tranSaCtl0n mf ° nnatl0n t0 Mld reCOrd 
step of generating an audit trail of verification activity, said oi venfccaUon. ~. . . . SA 

audit trail toduding at least part of said record of verifica- 15 M . m C ^f h U ' 

tion & r record of verification is stored in a database, further com- 

10. A method as described in claim 1 further comprising P™*& *«. *P «f«^» f d database t0 
the step of downloading at least part of said record of re * eve . ^S*** v ?* c . atl ° n -. 

verMcation to a remote data processing system. tU 1S ; A method as described in claim 11 further compnsing 

A j j* • -j *• . i the step of appending time or source data to said record of 

11. A method for verifying an identification card and 20 * * _ B 

recording verification of said card, said card having infor- venncauon. j • 1 • n u • j 

mation on a first portion, said information including per- f 16 ' ^thod ^ ^ed in claim 11 wherein said record 

sonalinformationre^^ of ca ^ n J s electronically notanzect 

encryptrtnprem^ 17. A method as described in chum 11 fur^er cornpnsing 

on a second portion, said part induding said personal 25 toe -of generating ,an audi traU of verfcaUon activity 

information said method comprising the sfeps of: v 2ficSn 

a) reading said encrypted representation from said card; V 18 ° A M described m claim u father comprising 

b) decrypting said encrypted representation to obtain a the step of downloading at least part of said record of 
decrypted representation; ^ verification to a remote data processing system. 

c) verifying said card by comparing said decrypted rep- 
resentation with said information; and ***** 
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